Data Protection Act

Kanoo Ltd complies with the March 2000 Data Protection Act.

DATA PROTECTION

  • The Data Protection Act 1998 came into effect on 1 March 2000. The Act regulates the use of personal data and gives effect in UK law to the European Directive on Data Protection. The Data Protection Act is based on a European Directive which requires member states ‘to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data’.
  • The Data Protection Act is concerned with ‘personal data’. Personal data is information about living, identifiable individuals. It is not necessarily sensitive information; it can be just a name and an address. Virtually any organisation that holds data is affected, whether a sole trader, partnership or large multi-national company. The Act applies only to records relating to people, rather than companies

PRINCIPLES OF DATA PROTECTION

  • There are eight data protection principles which are central to the 1998 Act. Anyone processing personal data must comply with these principles of good practice. They state that personal data must be:

    1. Fairly and lawfully processed
    2. Processed for limited purposes and not in any manner incompatible with these purposes
    3. Adequate, relevant and not excessive
    4. Accurate
    5. Not kept for longer than is necessary
    6. Processed in line with data subjects’ rights
    7. Secure
    8. Not transferred to non European Economic Area (EEA) countries without adequate provision.

Personal data applies to both facts and opinions about individuals. When information is collected about individuals the data controller must be open and honest with regards to why the data is wanted. Controllers must have a legitimate reason for processing the data. The definition of processing is far wider than that under the 1984 Act, and incorporates the concepts of ‘obtaining’, ‘recording’, ‘retrieval’, ‘consultation’, ‘holding’, ‘disclosing’ and ‘use’.

SENSITIVE DATA

The Data Protection Act makes specific provision for sensitive personal data. These are:

  • The racial or ethnic origin of data subjects
  • Political opinions
  • Religious beliefs or other beliefs of a similar nature
  • Membership of trade unions
  • Physical or mental health or condition
  • Sex life
  • The commission or alleged commission by them of any offence
  • Any proceedings for any offence committed or alleged to have committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

Such sensitive data may only be processed where one or more of the following conditions are met:

  • Where the individual has given their explicit consent
  • Where the data controller is required by law to process the data to meet statutory or legal requirements
  • Where it is necessary to process the information in order to protect the vital interests of the data subjects or another
  • Where the data controller is dealing with the administration of justice or legal proceedings.
  • Sensitive information of the above nature will not normally be required in a database on individuals, and must be
  • protected by adequate safeguards. It must not be disclosed to a third party without the explicit consent of the individual concerned.
© Kanoo UK Ltd
Powered by SiteWise